Add 'flux/' from commit '57e0c3e15534303076055628a469603c385f383a'
git-subtree-dir: flux git-subtree-mainline:4d0b7496d6
git-subtree-split:57e0c3e155
commit
eda5075f08
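--- a/flux/README.md
+++ b/flux/README.md
@@ -0,0 +1,20 @@
+# Kubernetes Cluster
+This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
+
+## Directory structure
+The main directory is `cluster`, it contains the following subdirectories in the order that flux will apply them:
+* **base**: the entrypoint for Flux
+* **crds**: contains the CRDs that are needed for anything running in the cluster, these get applied earlier to make sure they exist
+* **core**: important core infrastructure applications, grouped by namespace, that should never be pruned
+* **apps**: common applications that are allowed to be pruned by flux
+
+## Bootstrap
+The cluster was bootstrapped using the following command:
+```
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller
+```
+
+## References
+Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
+
+[Flux]: https://github.com/fluxcd/flux2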
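--- a/flux/bootstrap.sh
+++ b/flux/bootstrap.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller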
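--- a/flux/cluster/apps/kustomization.yaml
+++ b/flux/cluster/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- networking
+- presidential-paradise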
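--- a/flux/cluster/apps/networking/kustomization.yaml
+++ b/flux/cluster/apps/networking/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- traefik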
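--- a/flux/cluster/apps/networking/traefik/helm-release.yaml
+++ b/flux/cluster/apps/networking/traefik/helm-release.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: traefik
+namespace: networking
+spec:
+interval: 5m
+chart:
+spec:
+# renovate: registryUrl=https://helm.traefik.io/traefik
+chart: traefik
+version: 10.6.2
+sourceRef:
+kind: HelmRepository
+name: traefik-charts
+namespace: flux-system
+interval: 5m
+values:
+image:
+name: traefik
+deployment:
+kind: Deployment
+replicas: 2
+service:
+enabled: true
+type: LoadBalancer
+spec:
+externalIPs:
+- 10.42.42.150
+externalTrafficPolicy: Local
+logs:
+general:
+level: WARN
+ingressClass:
+enabled: true
+isDefaultClass: true
+fallbackApiVersion: v1
+globalArguments:
+- "--providers.kubernetesingress.ingressclass=traefik"
+- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23"
+additionalArguments:
+- "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
+ports:
+traefik:
+port: 9000
+expose: true
+web:
+port: 8000
+exposedPort: 8000
+expose: true
+websecure:
+port: 8443
+exposedPort: 8443
+expose: true
+pilot:
+enabled: false
+experimental:
+plugins:
+enabled: false
+affinity: {}
+resources:
+requests:
+memory: 100Mi
+cpu: 500m
+limits:
+memory: 500Mi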
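Review bot: `ports.traefik.expose: true` publishes Traefik's internal entrypoint (port 9000) on the same LoadBalancer Service and external IP as `web` and `websecure`. That entrypoint carries the ping endpoint and, unless the chart's dashboard route is disabled somewhere not shown here, the dashboard/API, and these values configure no authentication for it. I would set `expose: false` under `ports.traefik` and reach the dashboard through a port-forward or an authenticated route instead. Separately, `forwardedHeaders.trustedIPs=10.42.42.0/23` trusts `X-Forwarded-*` headers from the whole LAN range; narrowing it to the address of the actual upstream proxy keeps other hosts on that network from spoofing client IPs.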
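--- a/flux/cluster/apps/networking/traefik/kustomization.yaml
+++ b/flux/cluster/apps/networking/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml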
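--- a/flux/cluster/apps/presidential-paradise/0x76dev/0x76.yaml
+++ b/flux/cluster/apps/presidential-paradise/0x76dev/0x76.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: x76dev
+namespace: presidential-paradise
+labels:
+app: x76dev
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: x76dev
+template:
+metadata:
+labels:
+app: x76dev
+spec:
+containers:
+- name: x76dev
+image: registry.xirion.net/library/0x76.dev
+ports:
+- containerPort: 8080
+imagePullSecrets:
+- name: xirion-registry-creds
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: x76dev-service
+namespace: presidential-paradise
+spec:
+selector:
+app: x76dev
+ports:
+- protocol: TCP
+port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: x76dev-ingress
+namespace: presidential-paradise
+spec:
+ingressClassName: "traefik"
+rules:
+- host: "0x76.dev"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: x76dev-service
+port:
+number: 8080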
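Review bot: The container image `registry.xirion.net/library/0x76.dev` carries no tag or digest, so it resolves to `latest` and the running code can change on any pod restart without a commit in this repository. The same applies to `0x76/wooloofan.club` and `containous/whoami` in the wooloofan Deployments later in this commit. Pin each to a version tag, ideally with an `@sha256:` digest, and for the private image consider the `# {"$imagepolicy": ...}` marker that the zookeeper Deployment already uses so that updates arrive as reviewable commits. None of these pod specs set `resources` or a `securityContext` either, which is worth adding at the same time.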
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- 0x76.yaml
|
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- xirion-registry-creds.yaml
|
||||||
|
- 0x76dev
|
||||||
|
- wooloofanclub
|
||||||
|
- zookeeper
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- wooloo.yaml
|
|
@ -0,0 +1,98 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: wooloofan-club
|
||||||
|
namespace: presidential-paradise
|
||||||
|
labels:
|
||||||
|
app: wooloofan-club
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: wooloofan-club
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: wooloofan-club
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wooloofan-club
|
||||||
|
image: 0x76/wooloofan.club
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: wooloofan-club-whoami
|
||||||
|
namespace: presidential-paradise
|
||||||
|
labels:
|
||||||
|
app: wooloofan-club-whoami
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: wooloofan-club-whoami
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: wooloofan-club-whoami
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wooloofan-club-whoami
|
||||||
|
image: containous/whoami
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: wooloofan-club-service
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: wooloofan-club
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 80
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: wooloofan-club-whoami-service
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: wooloofan-club-whoami
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 80
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: wooloofan-club-ingress
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
rules:
|
||||||
|
- host: "wooloofan.club"
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: wooloofan-club-service
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- host: "whoami.wooloofan.club"
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: wooloofan-club-whoami-service
|
||||||
|
port:
|
||||||
|
number: 80
|
|
@ -0,0 +1,19 @@
|
||||||
|
apiVersion: external-secrets.io/v1alpha1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: xirion-registry-creds
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
refreshInterval: "5m"
|
||||||
|
secretStoreRef:
|
||||||
|
name: vault
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: xirion-registry-creds
|
||||||
|
template:
|
||||||
|
type: kubernetes.io/dockerconfigjson
|
||||||
|
data:
|
||||||
|
- secretKey: .dockerconfigjson
|
||||||
|
remoteRef:
|
||||||
|
key: xirion-registry-creds
|
||||||
|
property: dockerconfigjson
|
|
@ -0,0 +1,53 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
namespace: presidential-paradise
|
||||||
|
labels:
|
||||||
|
app: zookeeper
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: zookeeper
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 34%
|
||||||
|
maxUnavailable: 34%
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
labels:
|
||||||
|
app: zookeeper
|
||||||
|
spec:
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: xirion-registry-creds
|
||||||
|
containers:
|
||||||
|
- name: zookeeper
|
||||||
|
image: registry.xirion.net/library/zookeeper:0.3.1 # {"$imagepolicy": "flux-system:zookeeper"}
|
||||||
|
ports:
|
||||||
|
- name: web
|
||||||
|
containerPort: 8085
|
||||||
|
- name: epmd
|
||||||
|
containerPort: 4369
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: zookeeper
|
||||||
|
env:
|
||||||
|
- name: LANG
|
||||||
|
value: C.UTF-8
|
||||||
|
- name: HOSTNAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: SERVICE_NAME
|
||||||
|
value: zookeeper-private.presidential-paradise.svc.cluster.local
|
||||||
|
resources: {}
|
||||||
|
securityContext:
|
||||||
|
privileged: false
|
||||||
|
procMount: Default
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
terminationGracePeriodSeconds: 30
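Review bot: The container `securityContext` only sets `privileged: false`, which is already the default, and `resources: {}` leaves the pod without requests or limits. Consider adding `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a `capabilities` block that drops `ALL`, plus explicit memory and CPU bounds. The pod also opens epmd on 4369 and takes `RELEASE_COOKIE` from the secret, so Erlang distribution is protected by the cookie alone; no NetworkPolicy in this commit limits that port to other `app: zookeeper` pods.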
|
|
@ -0,0 +1,33 @@
|
||||||
|
apiVersion: external-secrets.io/v1alpha1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
refreshInterval: "5m"
|
||||||
|
secretStoreRef:
|
||||||
|
name: vault
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: zookeeper
|
||||||
|
data:
|
||||||
|
- secretKey: DISCORD_APP_ID
|
||||||
|
remoteRef:
|
||||||
|
key: presidential-paradise/zookeeper
|
||||||
|
property: discord_app_id
|
||||||
|
- secretKey: DISCORD_PUBLIC_KEY
|
||||||
|
remoteRef:
|
||||||
|
key: presidential-paradise/zookeeper
|
||||||
|
property: discord_public_key
|
||||||
|
- secretKey: DISCORD_TOKEN
|
||||||
|
remoteRef:
|
||||||
|
key: presidential-paradise/zookeeper
|
||||||
|
property: discord_token
|
||||||
|
- secretKey: TWITTER_TOKEN
|
||||||
|
remoteRef:
|
||||||
|
key: presidential-paradise/zookeeper
|
||||||
|
property: twitter_token
|
||||||
|
- secretKey: RELEASE_COOKIE
|
||||||
|
remoteRef:
|
||||||
|
key: presidential-paradise/zookeeper
|
||||||
|
property: erlang_cookie
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
namespace: presidential-paradise
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- host: "zookeeper.0x76.dev"
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: zookeeper
|
||||||
|
port:
|
||||||
|
number: 8085
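Review bot: This Ingress omits `ingressClassName`, while the 0x76dev and wooloofan Ingresses in the same commit set `ingressClassName: "traefik"`. It is picked up only because the Traefik release sets `isDefaultClass: true`. Add `ingressClassName: "traefik"` under `spec` so routing does not change silently if another default class is ever installed.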
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- external-secret.yaml
|
||||||
|
- deployment.yaml
|
||||||
|
- svc.yaml
|
||||||
|
- ingress.yaml
|
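--- a/flux/cluster/apps/presidential-paradise/zookeeper/svc.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/svc.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: zookeeper-private
+namespace: presidential-paradise
+spec:
+clusterIP: None
+ports:
+- name: epmd
+port: 4369
+targetPort: epmd
+protocol: TCP
+selector:
+app: zookeeper
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: zookeeper
+namespace: presidential-paradise
+spec:
+ports:
+- name: http
+targetPort: web
+port: 8085
+selector:
+app: zookeeper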
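--- a/flux/cluster/base/apps.yaml
+++ b/flux/cluster/base/apps.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: apps
+namespace: flux-system
+spec:
+interval: 10m0s
+dependsOn:
+- name: core
+path: ./cluster/apps
+prune: true
+sourceRef:
+kind: GitRepository
+name: flux-system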
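--- a/flux/cluster/base/core.yaml
+++ b/flux/cluster/base/core.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: core
+namespace: flux-system
+spec:
+interval: 10m0s
+dependsOn:
+- name: crds
+path: ./cluster/core
+prune: false
+sourceRef:
+kind: GitRepository
+name: flux-system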
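--- a/flux/cluster/base/crds.yaml
+++ b/flux/cluster/base/crds.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: crds
+namespace: flux-system
+spec:
+interval: 10m0s
+path: ./cluster/crds
+prune: false
+sourceRef:
+kind: GitRepository
+name: flux-system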
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: external-secrets-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m0s
|
||||||
|
url: https://charts.external-secrets.io
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- metallb-charts.yaml
|
||||||
|
- traefik-charts.yaml
|
||||||
|
- external-secrets-charts.yaml
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: metallb-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m0s
|
||||||
|
url: https://metallb.github.io/metallb
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: traefik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
url: https://helm.traefik.io/traefik
|
||||||
|
timeout: 3m
|
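--- a/flux/cluster/base/flux-system/charts/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm
+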
6234
flux/cluster/base/flux-system/gotk-components.yaml
Normal file
6234
flux/cluster/base/flux-system/gotk-components.yaml
Normal file
File diff suppressed because it is too large
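--- a/flux/cluster/base/flux-system/gotk-sync.yaml
+++ b/flux/cluster/base/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: flux-system
+namespace: flux-system
+spec:
+interval: 1m0s
+ref:
+branch: main
+secretRef:
+name: flux-system
+url: ssh://git@git.xirion.net:2222/olympus/flux.git
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: flux-system
+namespace: flux-system
+spec:
+interval: 10m0s
+path: ./cluster/base
+prune: true
+sourceRef:
+kind: GitRepository
+name: flux-system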
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: ImageUpdateAutomation
|
||||||
|
metadata:
|
||||||
|
name: flux-system
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1m0s
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
git:
|
||||||
|
checkout:
|
||||||
|
ref:
|
||||||
|
branch: main
|
||||||
|
commit:
|
||||||
|
author:
|
||||||
|
email: fluxcdbot@users.noreply.github.com
|
||||||
|
name: fluxcdbot
|
||||||
|
messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
|
||||||
|
push:
|
||||||
|
branch: main
|
||||||
|
update:
|
||||||
|
path: ./cluster/
|
||||||
|
strategy: Setters
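Review bot: `push.branch: main` makes the automation commit image bumps straight to the branch that Flux reconciles, and the zookeeper ImagePolicy added in this commit uses `semver` with `range: "*"`, so any semver-shaped tag pushed to `registry.xirion.net/library/zookeeper` is rolled out within minutes without review. In effect, push access to that registry repository becomes deploy access to the cluster. Consider pushing to a separate branch that is merged by hand and narrowing the range to the release line you expect, for example `range: "0.3.x"` (a constructed value). The commit author `fluxcdbot@users.noreply.github.com` also looks like the upstream example identity rather than one belonging to this forge.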
|
|
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- image-update-automation.yaml
|
||||||
|
- zookeeper.yaml
|
|
@ -0,0 +1,22 @@
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: ImageRepository
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
image: registry.xirion.net/library/zookeeper
|
||||||
|
interval: 1m0s
|
||||||
|
secretRef:
|
||||||
|
name: xirion-registry-creds
|
||||||
|
---
|
||||||
|
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: ImagePolicy
|
||||||
|
metadata:
|
||||||
|
name: zookeeper
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
imageRepositoryRef:
|
||||||
|
name: zookeeper
|
||||||
|
policy:
|
||||||
|
semver:
|
||||||
|
range: "*"
|
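--- a/flux/cluster/base/flux-system/kustomization.yaml
+++ b/flux/cluster/base/flux-system/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
+- xirion-registry-creds.yaml
+- image-update-automation
+- charts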
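--- a/flux/cluster/base/flux-system/xirion-registry-creds.yaml
+++ b/flux/cluster/base/flux-system/xirion-registry-creds.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+name: xirion-registry-creds
+namespace: flux-system
+spec:
+refreshInterval: "5m"
+secretStoreRef:
+name: vault
+kind: ClusterSecretStore
+target:
+name: xirion-registry-creds
+template:
+type: kubernetes.io/dockerconfigjson
+data:
+- secretKey: .dockerconfigjson
+remoteRef:
+key: xirion-registry-creds
+property: dockerconfigjson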
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: external-secrets
|
||||||
|
namespace: external-secrets
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
# renovate: registryUrl=https://charts.external-secrets.io
|
||||||
|
chart: external-secrets
|
||||||
|
version: 0.3.7
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: external-secrets-charts
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 5m
|
||||||
|
values:
|
||||||
|
installCRDs: false
|
||||||
|
install:
|
||||||
|
crds: Skip
|
||||||
|
upgrade:
|
||||||
|
crds: Skip
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- helm-release.yaml
|
||||||
|
- vault-secret-store.yaml
|
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: external-secrets.io/v1alpha1
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
metadata:
|
||||||
|
name: vault
|
||||||
|
namespace: external-secrets
|
||||||
|
spec:
|
||||||
|
provider:
|
||||||
|
vault:
|
||||||
|
server: "http://10.42.42.6:8200"
|
||||||
|
path: "k8s"
|
||||||
|
version: "v2"
|
||||||
|
auth:
|
||||||
|
# VaultAppRole authenticates with Vault using the
|
||||||
|
# App Role auth mechanism
|
||||||
|
# https://www.vaultproject.io/docs/auth/approle
|
||||||
|
appRole:
|
||||||
|
# Path where the App Role authentication backend is mounted
|
||||||
|
path: "approle"
|
||||||
|
# RoleID configured in the App Role authentication backend
|
||||||
|
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
|
||||||
|
# Reference to a key in a K8 Secret that contains the App Role SecretId
|
||||||
|
# (not commited in git)
|
||||||
|
secretRef:
|
||||||
|
name: "vault-secret-id"
|
||||||
|
namespace: "external-secrets"
|
||||||
|
key: "secret-id"
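Review bot: `server: "http://10.42.42.6:8200"` sends the AppRole login (role ID plus SecretId) and every secret value that external-secrets reads across the network in cleartext. Enable TLS on the Vault listener and switch this to `https://`, supplying the CA through the provider's `caBundle` field if it is privately issued. `roleId` is not a credential on its own, but committing it leaves the SecretId in `vault-secret-id` as the only remaining factor, so keep that SecretId short-lived or CIDR-bound on the Vault side. Minor: `ClusterSecretStore` is cluster-scoped, so `metadata.namespace` has no effect, and "commited" in the comment should read "committed".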
|
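--- a/flux/cluster/core/external-secrets/kustomization.yaml
+++ b/flux/cluster/core/external-secrets/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- external-secrets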
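--- a/flux/cluster/core/kustomization.yaml
+++ b/flux/cluster/core/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespaces
+- networking
+- external-secrets
+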
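--- a/flux/cluster/core/namespaces/external-secrets.yaml
+++ b/flux/cluster/core/namespaces/external-secrets.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: external-secrets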
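--- a/flux/cluster/core/namespaces/kustomization.yaml
+++ b/flux/cluster/core/namespaces/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- presidential-paradise.yaml
+- networking.yaml
+- external-secrets.yaml
+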
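--- a/flux/cluster/core/namespaces/networking.yaml
+++ b/flux/cluster/core/namespaces/networking.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: networking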
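--- a/flux/cluster/core/namespaces/presidential-paradise.yaml
+++ b/flux/cluster/core/namespaces/presidential-paradise.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: presidential-paradise
+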
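--- a/flux/cluster/core/networking/kustomization.yaml
+++ b/flux/cluster/core/networking/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- metallb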
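--- a/flux/cluster/core/networking/metallb/helm-release.yaml
+++ b/flux/cluster/core/networking/metallb/helm-release.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: metallb
+namespace: networking
+spec:
+interval: 5m
+chart:
+spec:
+# renovate: registryUrl=https://metallb.github.io/metallb
+chart: metallb
+version: 0.10.3
+sourceRef:
+kind: HelmRepository
+name: metallb-charts
+namespace: flux-system
+interval: 5m
+values:
+configInline:
+address-pools:
+- name: default
+protocol: layer2
+addresses:
+- 10.42.42.150-192.168.42.200
+speaker:
+tolerations:
+- effect: "NoExecute"
+operator: "Exists"
+- effect: "NoSchedule"
+operator: "Exists"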
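Review bot: The pool `10.42.42.150-192.168.42.200` starts in 10.42.42.0 and ends in 192.168.42.0, so it is either rejected by MetalLB or, if accepted, describes an enormous range spanning unrelated networks. In layer2 mode the speaker answers ARP for whatever address it allocates, so an over-broad pool can claim addresses that belong to other hosts. The upper bound was presumably meant to sit in the same subnet, e.g. `- 10.42.42.150-10.42.42.200`; confirm the intended end address before merging.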
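--- a/flux/cluster/core/networking/metallb/kustomization.yaml
+++ b/flux/cluster/core/networking/metallb/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml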
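--- a/flux/cluster/crds/external-secrets/crds.yaml
+++ b/flux/cluster/crds/external-secrets/crds.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: external-secrets-crd-source
+namespace: flux-system
+spec:
+interval: 30m
+url: https://github.com/external-secrets/external-secrets.git
+ref:
+# renovate: registryUrl=https://charts.external-secrets.io chart=external-secrets
+tag: v0.3.7
+ignore: |
+# exclude all
+/*
+# path to crds
+!/deploy/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: external-secrets-crds
+namespace: flux-system
+spec:
+interval: 15m
+prune: false
+wait: true
+sourceRef:
+kind: GitRepository
+name: external-secrets-crd-source
+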
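--- a/flux/cluster/crds/external-secrets/kustomization.yaml
+++ b/flux/cluster/crds/external-secrets/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml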
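--- a/flux/cluster/crds/kustomization.yaml
+++ b/flux/cluster/crds/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- traefik
+- external-secrets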
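--- a/flux/cluster/crds/traefik/crds.yaml
+++ b/flux/cluster/crds/traefik/crds.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: traefik-crd-source
+namespace: flux-system
+spec:
+interval: 30m
+url: https://github.com/traefik/traefik-helm-chart.git
+ref:
+# renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
+tag: v10.6.2
+ignore: |
+# exclude all
+/*
+# path to crds
+!/traefik/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: traefik-crds
+namespace: flux-system
+spec:
+interval: 15m
+prune: false
+wait: true
+sourceRef:
+kind: GitRepository
+name: traefik-crd-source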
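--- a/flux/cluster/crds/traefik/kustomization.yaml
+++ b/flux/cluster/crds/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml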